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AMENDMENT TO CLAIMS 
Please amend claims 1 and 10, as follows. Please add claims 19 and 20, as follows. 

1. (Currently Amended) A machine-implemented method for managing access to data, the 
method comprising the steps of: 

registering with a database server a user defined policy function to associate with at least 

two columns of two tables; 
wherein registering causes said database server to generate database metadata that 

associates said policy function with said at least two columns in at least of two 

tables; 

based on the metadata, said database server detecting that a query references said at least 

two columns; and 
in response to the step of detecting: 

said database server invoking said policy function to generate a condition 

expression returned by the policy function; and 
rewriting said query by creating a modified query to incorporate said condition 
expression, based on the database query. 

2-3. (Cancelled) 

4. (Previously Presented) The method of claim 1, wherein the policy function is not invoked 
by detecting that a database command requires access to a subset of tables of the at least 
two tables, wherein the subset of tables includes at least one table. 

5-6. (Cancelled) 

7. (Previously Presented) The method of claim 1, wherein the detecting includes detecting that 

metadata defines the columns as a combination of columns to which access is controlled. 
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8. (Previously Presented) The method of claim 1, further comprising the step of registering a 
policy function with a policy. 

9. (Previously Presented) The method of claim 8, wherein the policy includes metadata 
identifying the columns. 

10. (Currently Amended) A machine-readable medium carrying one or more sequences of 
instructions, which when executed by one or more processors, causes the one or more 
processors to perform a method comprising the steps of: 

registering with a database server a user defined policy function to associate with at least 

two columns of two tables; 
wherein registering causes said database server to generate database metadata that 

associates said policy function with said at least two columns in at least of two 

tables; 

based on the metadata, said database server detecting that a query references at least two 

columns; and 
in response to the step of detecting: 

said database server invoking said policy to a generate of a condition expression 

returned by the policy function; and 
rewriting said query by creating a modified query to incorporate said condition 
expression, based on the database query. 

11-12. (Cancelled) 
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13. (Previously Presented) The machine readable medium of claim 10, wherein the policy 

function is not invoked by detecting that a database command requires access to a subset of 
tables of the at least two tables, wherein the subset of tables includes at least one table. 

14-15. (Cancelled) 

16. (Previously Presented) The machine readable medium of claim 10, wherein the detecting 
includes detecting that metadata defines the columns as a combination of columns to which 
access is controlled. 

17. (Previously Presented) The machine readable medium of claim 10, wherein the method 
further comprises the step of registering a policy function with a policy. 

18. (Previously Presented) The machine readable medium of claim 17, wherein the policy 
includes metadata identifying the columns. 

19. (New) The method of claim 1, wherein a join predicate in said query references both of said 
at least two columns. 

20 (New) The machine readable medium of claim 10, wherein a join predicate in said query 
references both said at least two columns. 
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